From: "Charles Romestant" <cromestant@gmail.com>
To: Grant Taylor <gtaylor@riverviewtech.net>
Cc: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Port Forwarding .
Date: Wed, 9 Jul 2008 14:50:36 +1930 [thread overview]
Message-ID: <5078d3df0807081220q71674472m660de0de432e6bd7@mail.gmail.com> (raw)
In-Reply-To: <4872CFA4.4030406@riverviewtech.net>
ok, flushed all tables, and all chains, changed back the policy to
accept, and then reentered the rules you sent me before Grant. And
stil no dice.
root@charz-server:/home/charz# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 1241 packets, 167K bytes)
pkts bytes target prot opt in out source
destination
24 1296 DNAT tcp -- eth0 * 0.0.0.0/0
10.0.1.192 tcp dpt:80 to:10.0.10.1
Chain POSTROUTING (policy ACCEPT 29 packets, 5063 bytes)
pkts bytes target prot opt in out source
destination
0 0 SNAT tcp -- * eth0 10.0.10.1
0.0.0.0/0 tcp spt:80 to:10.0.1.192
Chain OUTPUT (policy ACCEPT 35 packets, 5543 bytes)
pkts bytes target prot opt in out source
destination
still the prerouting seems to be matching but the others stay at 0.
At the moment i m still reading documentation to see if i can spot the mistake,
thanks again for the help.
Why would the prerouting accept and not continue to postrouting?
On Tue, Jul 8, 2008 at 9:53 PM, Grant Taylor <gtaylor@riverviewtech.net> wrote:
> On 7/7/2008 6:58 PM, Charles Romestant wrote:
>>
>> ok a little more info, for debugs sake...
>
> Ok! You have not been clearing your IPTables before adding additional
> rules. Please run the following commands and re-try what I submitted
> earlier.
>
> iptables -t filter -F
> iptables -t nat -F
>
>> again it seems only the first rulein the PREROUTING is executing as
>> consecutive looks at this while trying to browse to the page show increment
>> in pckts.
>
> *nod*
>
> Your first DNAT rule, which is incorrect, is being matched before the
> rule(s) that I provided. You need to flush your IP tables and chains.
>
>> again, thank you for your patience.
>
> *nod*
>
> You are welcome.
>
>
>
> Grant. . . .
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Charz
next prev parent reply other threads:[~2008-07-08 19:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-07 21:49 Port Forwarding Charles Romestant
2008-07-07 22:10 ` Grant Taylor
2008-07-07 22:32 ` Charles Romestant
2008-07-07 22:33 ` Charles Romestant
2008-07-07 23:10 ` Charles Romestant
2008-07-07 23:58 ` Charles Romestant
2008-07-08 2:23 ` Grant Taylor
2008-07-08 19:20 ` Charles Romestant [this message]
2008-07-08 19:37 ` Grant Taylor
2008-07-08 19:40 ` Charles Romestant
2008-07-08 19:50 ` Grant Taylor
2008-07-08 19:54 ` Charles Romestant
2008-07-08 20:11 ` Charles Romestant
2008-07-08 20:21 ` Grant Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5078d3df0807081220q71674472m660de0de432e6bd7@mail.gmail.com \
--to=cromestant@gmail.com \
--cc=gtaylor@riverviewtech.net \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox